Latest Intel CrossTalk Vulnerability Now Patched in Debian GNU/Linux, CentOS and RHEL



The latest Intel CrossTalk vulnerability is now patched in Debian GNU/Linux, CentOS Linux, as well as Red Hat Enterprise Linux systems.

The recent SRBDS (Special Register Buffer Data Sampling) hardware vulnerability (CVE-2020-0543), also known as CrossTalk, was discovered by researchers from Vrije Universiteit Amsterdam in some Intel processors. The flaw could allow local attackers or virtual machine guests to expose sensitive information like cryptographic keys from other users or VMs.

Already patched in all supported Ubuntu releases, the vulnerability was also patched last week in the Debian GNU/Linux 10 “Buster,” Debian GNU/Linux 9 “Stretch,” CentOS Linux 7, CentOS Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 6 operating system releases.

“Researchers at VU Amsterdam discovered that on some Intel CPUs supporting the RDRAND and RDSEED instructions, part of a random value generated by these instructions may be used in a later speculative execution on any core of the same physical CPU,” reads the security advisory.

To mitigate the vulnerability in their systems, users will have to install the latest Linux kernel and Intel microcode updates, which are now available in the stable software repositories of their distributions. For Debian GNU/Linux 10 “Buster” systems, the vulnerability is fixed in kernel 4.19.118-2+deb10u1 and intel-microcode 3.20200609.2~deb10u1.

For Debian GNU/Linux 9 “Stretch” systems, users need to update the kernel to version 4.9.210-1+deb9u1 and the intel-microcode package to version 3.20200609.2~deb9u1. Please note that the intel-microcode package is available in Debian’s non-free repository, but it can also be installed as part of a system firmware (BIOS) update.

For Red Hat Enterprise Linux 6 and CentOS Linux 6 systems, users must update the kernel to version 2.6.32-754.30.2.el6 and the intel-microcode package to version 1.17-33.26.el6_10, both of which are available for 32-bit and 64-bit architectures. For Red Hat Enterprise Linux 7 and CentOS Linux 7 systems, update the intel-microcode package to version 2.1-61.6.el7_8.

These kernel updates only provide reporting of the Special Register Buffer Data Sampling (SRBDS) vulnerability, along with a command-line option that lets you disable the mitigation in case your system suffers from performance degradation. Please reboot your systems after installing the new Linux kernel and intel-microcode updates.
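To read the status the updated kernel reports after the reboot, the following added example (not from the article or from any distribution's tooling) classifies it and flags a mitigation switched off at boot. It assumes the upstream kernel's sysfs file `/sys/devices/system/cpu/vulnerabilities/srbds` and the upstream `srbds=off` and `mitigations=off` boot parameters, none of which the article names; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: interpret the kernel's SRBDS (CVE-2020-0543) status report.
# Assumption: path and status strings follow the upstream kernel's sysfs interface.
SRBDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/srbds

# classify_srbds STATUS -> prints one of:
#   not-affected | mitigated | needs-microcode | vulnerable | unknown
classify_srbds() {
    case "$1" in
        "Not affected")             echo not-affected ;;
        "Mitigation: "*)            echo mitigated ;;
        "Vulnerable: No microcode") echo needs-microcode ;;
        "Vulnerable"*)              echo vulnerable ;;
        *)                          echo unknown ;;
    esac
}

# mitigation_disabled CMDLINE -> exit status 0 if the boot line turns SRBDS
# mitigation off (whole-word match, so "nosrbds=off" does not count).
mitigation_disabled() {
    case " $1 " in
        *" srbds=off "*|*" mitigations=off "*) return 0 ;;
    esac
    return 1
}

# srbds_report [SYSFS_FILE] [CMDLINE_FILE] -> one-line summary for this host.
srbds_report() {
    file=${1:-$SRBDS_SYSFS}
    cmdline_file=${2:-/proc/cmdline}
    if [ ! -r "$file" ]; then
        # No sysfs entry means the running kernel predates SRBDS reporting.
        echo "kernel-too-old: no SRBDS reporting, install the updated kernel"
        return 0
    fi
    status=$(cat "$file")
    verdict=$(classify_srbds "$status")
    if [ "$verdict" = vulnerable ] && [ -r "$cmdline_file" ] &&
       mitigation_disabled "$(cat "$cmdline_file")"; then
        verdict="vulnerable (mitigation disabled on kernel command line)"
    fi
    echo "$verdict: $status"
}

srbds_report
```

A `needs-microcode` result means the kernel update is in place but the intel-microcode update has not been loaded.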

Last updated 5 months ago
